tunnel-up-initiator

1. Frame 198: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
2. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
3. Internet Protocol Version 4, Src: 8.8.4.4, Dst: 172.31.0.1
4. 0100 .... = Version: 4
5. .... 0101 = Header Length: 20 bytes (5)
6. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
7. Total Length: 156
8. Identification: 0xbe91 (48785)
9. Flags: 0x00
10. Fragment offset: 0
11. Time to live: 51
12. Protocol: UDP (17)
13. Header checksum: 0x1094 [validation disabled]
14. [Header checksum status: Unverified]
15. Source: 8.8.4.4
16. Destination: 172.31.0.1
17. [Source GeoIP: United States, AS15169 Google Inc., 37.750999, -97.821999]
18. [Destination GeoIP: Unknown]
19. User Datagram Protocol, Src Port: 53, Dst Port: 54238
20. Source Port: 53
21. Destination Port: 54238
22. Length: 136
23. Checksum: 0x43ca [unverified]
24. [Checksum Status: Unverified]
25. [Stream index: 9]
26. Domain Name System (response)
27. Transaction ID: 0xf26e
28. Flags: 0x8180 Standard query response, No error
29. Questions: 1
30. Answer RRs: 6
31. Authority RRs: 0
32. Additional RRs: 0
33. Queries
34. www.google.com: type A, class IN
35. Name: www.google.com
36. [Name Length: 14]
37. [Label Count: 3]
38. Type: A (Host Address) (1)
39. Class: IN (0x0001)
40. Answers
41. www.google.com: type A, class IN, addr 74.125.124.105
42. Name: www.google.com
43. Type: A (Host Address) (1)
44. Class: IN (0x0001)
45. Time to live: 138
46. Data length: 4
47. Address: 74.125.124.105
48. www.google.com: type A, class IN, addr 74.125.124.99
49. Name: www.google.com
50. Type: A (Host Address) (1)
51. Class: IN (0x0001)
52. Time to live: 138
53. Data length: 4
54. Address: 74.125.124.99
55. www.google.com: type A, class IN, addr 74.125.124.103
56. Name: www.google.com
57. Type: A (Host Address) (1)
58. Class: IN (0x0001)
59. Time to live: 138
60. Data length: 4
61. Address: 74.125.124.103
62. www.google.com: type A, class IN, addr 74.125.124.104
63. Name: www.google.com
64. Type: A (Host Address) (1)
65. Class: IN (0x0001)
66. Time to live: 138
67. Data length: 4
68. Address: 74.125.124.104
69. www.google.com: type A, class IN, addr 74.125.124.106
70. Name: www.google.com
71. Type: A (Host Address) (1)
72. Class: IN (0x0001)
73. Time to live: 138
74. Data length: 4
75. Address: 74.125.124.106
76. www.google.com: type A, class IN, addr 74.125.124.147
77. Name: www.google.com
78. Type: A (Host Address) (1)
79. Class: IN (0x0001)
80. Time to live: 138
81. Data length: 4
82. Address: 74.125.124.147
83.  
84. Frame 200: 102 bytes on wire (816 bits), 102 bytes captured (816 bits)
85. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
86. Internet Protocol Version 4, Src: 8.8.4.4, Dst: 172.31.0.1
87. 0100 .... = Version: 4
88. .... 0101 = Header Length: 20 bytes (5)
89. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
90. Total Length: 88
91. Identification: 0xe9d3 (59859)
92. Flags: 0x00
93. Fragment offset: 0
94. Time to live: 51
95. Protocol: UDP (17)
96. Header checksum: 0xe595 [validation disabled]
97. [Header checksum status: Unverified]
98. Source: 8.8.4.4
99. Destination: 172.31.0.1
100. [Source GeoIP: United States, AS15169 Google Inc., 37.750999, -97.821999]
101. [Destination GeoIP: Unknown]
102. User Datagram Protocol, Src Port: 53, Dst Port: 54238
103. Source Port: 53
104. Destination Port: 54238
105. Length: 68
106. Checksum: 0x28e5 [unverified]
107. [Checksum Status: Unverified]
108. [Stream index: 9]
109. Domain Name System (response)
110. Transaction ID: 0x0e65
111. Flags: 0x8180 Standard query response, No error
112. Questions: 1
113. Answer RRs: 1
114. Authority RRs: 0
115. Additional RRs: 0
116. Queries
117. www.google.com: type AAAA, class IN
118. Name: www.google.com
119. [Name Length: 14]
120. [Label Count: 3]
121. Type: AAAA (IPv6 Address) (28)
122. Class: IN (0x0001)
123. Answers
124. www.google.com: type AAAA, class IN, addr 2607:f8b0:4001:c12::68
125. Name: www.google.com
126. Type: AAAA (IPv6 Address) (28)
127. Class: IN (0x0001)
128. Time to live: 299
129. Data length: 16
130. AAAA Address: 2607:f8b0:4001:c12::68
131.  
132. Frame 208: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
133. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
134. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
135. 0100 .... = Version: 4
136. .... 0101 = Header Length: 20 bytes (5)
137. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
138. Total Length: 60
139. Identification: 0x0000 (0)
140. Flags: 0x02 (Don't Fragment)
141. Fragment offset: 0
142. Time to live: 63
143. Protocol: TCP (6)
144. Header checksum: 0xc8b5 [validation disabled]
145. [Header checksum status: Unverified]
146. Source: 74.125.124.105
147. Destination: 172.31.0.1
148. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
149. [Destination GeoIP: Unknown]
150. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 0, Ack: 1, Len: 0
151. Source Port: 443
152. Destination Port: 39190
153. [Stream index: 6]
154. [TCP Segment Len: 0]
155. Sequence number: 0 (relative sequence number)
156. Acknowledgment number: 1 (relative ack number)
157. Header Length: 40 bytes
158. Flags: 0x012 (SYN, ACK)
159. 000. .... .... = Reserved: Not set
160. ...0 .... .... = Nonce: Not set
161. .... 0... .... = Congestion Window Reduced (CWR): Not set
162. .... .0.. .... = ECN-Echo: Not set
163. .... ..0. .... = Urgent: Not set
164. .... ...1 .... = Acknowledgment: Set
165. .... .... 0... = Push: Not set
166. .... .... .0.. = Reset: Not set
167. .... .... ..1. = Syn: Set
168. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443]
169. [Connection establish acknowledge (SYN+ACK): server port 443]
170. [Severity level: Chat]
171. [Group: Sequence]
172. .... .... ...0 = Fin: Not set
173. [TCP Flags: ·······A··S·]
174. Window size value: 28160
175. [Calculated window size: 28160]
176. Checksum: 0x0620 [unverified]
177. [Checksum Status: Unverified]
178. Urgent pointer: 0
179. Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
180. Maximum segment size: 1360 bytes
181. TCP SACK Permitted Option: True
182. Timestamps: TSval 791361978, TSecr 82386
183. No-Operation (NOP)
184. Type: 1
185. 0... .... = Copy on fragmentation: No
186. .00. .... = Class: Control (0)
187. ...0 0001 = Number: No-Operation (NOP) (1)
188. Window scale: 8 (multiply by 256)
189.  
190. Frame 212: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
191. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
192. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
193. 0100 .... = Version: 4
194. .... 0101 = Header Length: 20 bytes (5)
195. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
196. Total Length: 60
197. Identification: 0x0000 (0)
198. Flags: 0x02 (Don't Fragment)
199. Fragment offset: 0
200. Time to live: 63
201. Protocol: TCP (6)
202. Header checksum: 0xc8b5 [validation disabled]
203. [Header checksum status: Unverified]
204. Source: 74.125.124.105
205. Destination: 172.31.0.1
206. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
207. [Destination GeoIP: Unknown]
208. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 0, Ack: 1, Len: 0
209. Source Port: 443
210. Destination Port: 39190
211. [Stream index: 6]
212. [TCP Segment Len: 0]
213. Sequence number: 0 (relative sequence number)
214. Acknowledgment number: 1 (relative ack number)
215. Header Length: 40 bytes
216. Flags: 0x012 (SYN, ACK)
217. 000. .... .... = Reserved: Not set
218. ...0 .... .... = Nonce: Not set
219. .... 0... .... = Congestion Window Reduced (CWR): Not set
220. .... .0.. .... = ECN-Echo: Not set
221. .... ..0. .... = Urgent: Not set
222. .... ...1 .... = Acknowledgment: Set
223. .... .... 0... = Push: Not set
224. .... .... .0.. = Reset: Not set
225. .... .... ..1. = Syn: Set
226. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443]
227. [Connection establish acknowledge (SYN+ACK): server port 443]
228. [Severity level: Chat]
229. [Group: Sequence]
230. .... .... ...0 = Fin: Not set
231. [TCP Flags: ·······A··S·]
232. Window size value: 28160
233. [Calculated window size: 28160]
234. Checksum: 0x04f5 [unverified]
235. [Checksum Status: Unverified]
236. Urgent pointer: 0
237. Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
238. Maximum segment size: 1360 bytes
239. TCP SACK Permitted Option: True
240. Timestamps: TSval 791362277, TSecr 82386
241. No-Operation (NOP)
242. Type: 1
243. 0... .... = Copy on fragmentation: No
244. .00. .... = Class: Control (0)
245. ...0 0001 = Number: No-Operation (NOP) (1)
246. Window scale: 8 (multiply by 256)
247. [SEQ/ACK analysis]
248. [TCP Analysis Flags]
249. [Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
250. [This frame is a (suspected) retransmission]
251. [Severity level: Note]
252. [Group: Sequence]
253. [The RTO for this segment was: 0.090266000 seconds]
254. [RTO based on delta from frame: 208]
255.  
256. Frame 270: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
257. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
258. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
259. 0100 .... = Version: 4
260. .... 0101 = Header Length: 20 bytes (5)
261. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
262. Total Length: 52
263. Identification: 0x0000 (0)
264. Flags: 0x02 (Don't Fragment)
265. Fragment offset: 0
266. Time to live: 63
267. Protocol: TCP (6)
268. Header checksum: 0xc8bd [validation disabled]
269. [Header checksum status: Unverified]
270. Source: 74.125.124.105
271. Destination: 172.31.0.1
272. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
273. [Destination GeoIP: Unknown]
274. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 2316, Ack: 196, Len: 0
275. Source Port: 443
276. Destination Port: 39190
277. [Stream index: 6]
278. [TCP Segment Len: 0]
279. Sequence number: 2316 (relative sequence number)
280. Acknowledgment number: 196 (relative ack number)
281. Header Length: 32 bytes
282. Flags: 0x011 (FIN, ACK)
283. 000. .... .... = Reserved: Not set
284. ...0 .... .... = Nonce: Not set
285. .... 0... .... = Congestion Window Reduced (CWR): Not set
286. .... .0.. .... = ECN-Echo: Not set
287. .... ..0. .... = Urgent: Not set
288. .... ...1 .... = Acknowledgment: Set
289. .... .... 0... = Push: Not set
290. .... .... .0.. = Reset: Not set
291. .... .... ..0. = Syn: Not set
292. .... .... ...1 = Fin: Set
293. [Expert Info (Chat/Sequence): Connection finish (FIN)]
294. [Connection finish (FIN)]
295. [Severity level: Chat]
296. [Group: Sequence]
297. [TCP Flags: ·······A···F]
298. Window size value: 115
299. [Calculated window size: 29440]
300. [Window size scaling factor: 256]
301. Checksum: 0x6ca7 [unverified]
302. [Checksum Status: Unverified]
303. Urgent pointer: 0
304. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
305. No-Operation (NOP)
306. Type: 1
307. 0... .... = Copy on fragmentation: No
308. .00. .... = Class: Control (0)
309. ...0 0001 = Number: No-Operation (NOP) (1)
310. No-Operation (NOP)
311. Type: 1
312. 0... .... = Copy on fragmentation: No
313. .00. .... = Class: Control (0)
314. ...0 0001 = Number: No-Operation (NOP) (1)
315. Timestamps: TSval 791372687, TSecr 82845
316.  
317. Frame 289: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
318. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
319. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
320. 0100 .... = Version: 4
321. .... 0101 = Header Length: 20 bytes (5)
322. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
323. Total Length: 52
324. Identification: 0x0000 (0)
325. Flags: 0x02 (Don't Fragment)
326. Fragment offset: 0
327. Time to live: 63
328. Protocol: TCP (6)
329. Header checksum: 0xc8bd [validation disabled]
330. [Header checksum status: Unverified]
331. Source: 74.125.124.105
332. Destination: 172.31.0.1
333. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
334. [Destination GeoIP: Unknown]
335. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 2317, Ack: 196, Len: 0
336. Source Port: 443
337. Destination Port: 39190
338. [Stream index: 6]
339. [TCP Segment Len: 0]
340. Sequence number: 2317 (relative sequence number)
341. Acknowledgment number: 196 (relative ack number)
342. Header Length: 32 bytes
343. Flags: 0x010 (ACK)
344. 000. .... .... = Reserved: Not set
345. ...0 .... .... = Nonce: Not set
346. .... 0... .... = Congestion Window Reduced (CWR): Not set
347. .... .0.. .... = ECN-Echo: Not set
348. .... ..0. .... = Urgent: Not set
349. .... ...1 .... = Acknowledgment: Set
350. .... .... 0... = Push: Not set
351. .... .... .0.. = Reset: Not set
352. .... .... ..0. = Syn: Not set
353. .... .... ...0 = Fin: Not set
354. [TCP Flags: ·······A····]
355. Window size value: 115
356. [Calculated window size: 29440]
357. [Window size scaling factor: 256]
358. Checksum: 0x3a1f [unverified]
359. [Checksum Status: Unverified]
360. Urgent pointer: 0
361. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
362. No-Operation (NOP)
363. Type: 1
364. 0... .... = Copy on fragmentation: No
365. .00. .... = Class: Control (0)
366. ...0 0001 = Number: No-Operation (NOP) (1)
367. No-Operation (NOP)
368. Type: 1
369. 0... .... = Copy on fragmentation: No
370. .00. .... = Class: Control (0)
371. ...0 0001 = Number: No-Operation (NOP) (1)
372. Timestamps: TSval 791383117, TSecr 85351
373. [SEQ/ACK analysis]
374. [TCP Analysis Flags]
375. [This is a TCP duplicate ack]
376. [Duplicate ACK #: 1]
377. [Duplicate to the ACK in frame: 217]
378. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
379. [Duplicate ACK (#1)]
380. [Severity level: Note]
381. [Group: Sequence]
382.  
383. Frame 396: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
384. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
385. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
386. 0100 .... = Version: 4
387. .... 0101 = Header Length: 20 bytes (5)
388. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
389. Total Length: 52
390. Identification: 0x0000 (0)
391. Flags: 0x02 (Don't Fragment)
392. Fragment offset: 0
393. Time to live: 63
394. Protocol: TCP (6)
395. Header checksum: 0xc8bd [validation disabled]
396. [Header checksum status: Unverified]
397. Source: 74.125.124.105
398. Destination: 172.31.0.1
399. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
400. [Destination GeoIP: Unknown]
401. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 2317, Ack: 196, Len: 0
402. Source Port: 443
403. Destination Port: 39190
404. [Stream index: 6]
405. [TCP Segment Len: 0]
406. Sequence number: 2317 (relative sequence number)
407. Acknowledgment number: 196 (relative ack number)
408. Header Length: 32 bytes
409. Flags: 0x010 (ACK)
410. 000. .... .... = Reserved: Not set
411. ...0 .... .... = Nonce: Not set
412. .... 0... .... = Congestion Window Reduced (CWR): Not set
413. .... .0.. .... = ECN-Echo: Not set
414. .... ..0. .... = Urgent: Not set
415. .... ...1 .... = Acknowledgment: Set
416. .... .... 0... = Push: Not set
417. .... .... .0.. = Reset: Not set
418. .... .... ..0. = Syn: Not set
419. .... .... ...0 = Fin: Not set
420. [TCP Flags: ·······A····]
421. Window size value: 115
422. [Calculated window size: 29440]
423. [Window size scaling factor: 256]
424. Checksum: 0x112b [unverified]
425. [Checksum Status: Unverified]
426. Urgent pointer: 0
427. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
428. No-Operation (NOP)
429. Type: 1
430. 0... .... = Copy on fragmentation: No
431. .00. .... = Class: Control (0)
432. ...0 0001 = Number: No-Operation (NOP) (1)
433. No-Operation (NOP)
434. Type: 1
435. 0... .... = Copy on fragmentation: No
436. .00. .... = Class: Control (0)
437. ...0 0001 = Number: No-Operation (NOP) (1)
438. Timestamps: TSval 791393601, TSecr 85351
439. [SEQ/ACK analysis]
440. [TCP Analysis Flags]
441. [This is a TCP duplicate ack]
442. [Duplicate ACK #: 2]
443. [Duplicate to the ACK in frame: 217]
444. [Expert Info (Note/Sequence): Duplicate ACK (#2)]
445. [Duplicate ACK (#2)]
446. [Severity level: Note]
447. [Group: Sequence]
448.  
449. Frame 453: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
450. Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: PcsCompu_49:c7:a0 (08:00:27:49:c7:a0)
451. Internet Protocol Version 4, Src: 74.125.124.105, Dst: 172.31.0.1
452. 0100 .... = Version: 4
453. .... 0101 = Header Length: 20 bytes (5)
454. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
455. Total Length: 52
456. Identification: 0x0000 (0)
457. Flags: 0x02 (Don't Fragment)
458. Fragment offset: 0
459. Time to live: 63
460. Protocol: TCP (6)
461. Header checksum: 0xc8bd [validation disabled]
462. [Header checksum status: Unverified]
463. Source: 74.125.124.105
464. Destination: 172.31.0.1
465. [Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404]
466. [Destination GeoIP: Unknown]
467. Transmission Control Protocol, Src Port: 443, Dst Port: 39190, Seq: 2317, Ack: 196, Len: 0
468. Source Port: 443
469. Destination Port: 39190
470. [Stream index: 6]
471. [TCP Segment Len: 0]
472. Sequence number: 2317 (relative sequence number)
473. Acknowledgment number: 196 (relative ack number)
474. Header Length: 32 bytes
475. Flags: 0x010 (ACK)
476. 000. .... .... = Reserved: Not set
477. ...0 .... .... = Nonce: Not set
478. .... 0... .... = Congestion Window Reduced (CWR): Not set
479. .... .0.. .... = ECN-Echo: Not set
480. .... ..0. .... = Urgent: Not set
481. .... ...1 .... = Acknowledgment: Set
482. .... .... 0... = Push: Not set
483. .... .... .0.. = Reset: Not set
484. .... .... ..0. = Syn: Not set
485. .... .... ...0 = Fin: Not set
486. [TCP Flags: ·······A····]
487. Window size value: 115
488. [Calculated window size: 29440]
489. [Window size scaling factor: 256]
490. Checksum: 0xe6f4 [unverified]
491. [Checksum Status: Unverified]
492. Urgent pointer: 0
493. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
494. No-Operation (NOP)
495. Type: 1
496. 0... .... = Copy on fragmentation: No
497. .00. .... = Class: Control (0)
498. ...0 0001 = Number: No-Operation (NOP) (1)
499. No-Operation (NOP)
500. Type: 1
501. 0... .... = Copy on fragmentation: No
502. .00. .... = Class: Control (0)
503. ...0 0001 = Number: No-Operation (NOP) (1)
504. Timestamps: TSval 791404407, TSecr 85351
505. [SEQ/ACK analysis]
506. [TCP Analysis Flags]
507. [This is a TCP duplicate ack]
508. [Duplicate ACK #: 3]
509. [Duplicate to the ACK in frame: 217]
510. [Expert Info (Note/Sequence): Duplicate ACK (#3)]
511. [Duplicate ACK (#3)]
512. [Severity level: Note]
513. [Group: Sequence]